“This Trojan monitors a user to see if they are currently logged in to Facebook. It then attempts to get a configuration file from the website <removed>[,]info/sqlvarbr.php,” said Jonathan San Jose of the Microsoft Malware Protection Center. “The file includes a list of commands of what the browser extension will do.”

The malware can add posts to a profile, like pages, join groups or invite others to join groups, chat and comment on posts. So far, Microsoft said it has seen posts in Portuguese on hijacked profiles trying to get users to click on a link, purported to be a video about a bullying-related suicide. Facebook has already blocked the link as malicious.

The Trojan, meanwhile, acts as a dropper and opens backdoor connections. When the malware infects Chrome, it tries to connect to du-pont.info/updates/[removed]/BL-chromebrasil[.]crx, while on Firefox, the connection is to du-pont.info/updates/[removed]/BL-mozillabrasil[.]xpi. The malware then attempts to update itself from either of those domains.

The malware’s capabilities and messages it posts to entice other users to infect themselves depends on the configuration file downloaded to the malware, Microsoft said. One link Microsoft shared as an example had 2,746 Likes, had been shared 167 times and had 165 comments, indicating a notable number of potential victims. Within hours after the initial analysis, all of those numbers had risen.

“There may be more to this threat because it can change its messages, URLs, Facebook pages and other activity at any time,” Microsoft’s San Jose said.

IE users are not at risk, Microsoft added.

Google and Mozilla have recently added protections that address threats via browser extensions. Google, in December, announced that it would halt silent extensions in Chrome. These used to be done without permission via the Windows registry mechanism, a feature that allows the installation of extensions alongside other applications, enabling third parties to opt-in users without their permission.

Those are now disabled by default in Chrome and a dialog pops up explaining the effect of the extension on the browser and any potential risks. The new feature also automatically disables any extensions installed using external deployment options in the past as well.

Mozilla, meanwhile, added a click-to-play feature beginning with Firefox 17 in November that prevents users from running out of date or vulnerable plug-ins or extensions. The move was designed to block exploits targeting these older versions of plug-ins such as Adobe Flash and Reader.

Dennis Fisher and Mike Mimoso discuss the news of the week, including the Android app-replacement vulnerability, the Windows privilege escalation bug and the Yahoo transparency report and the company’s crypto efforts.

The Final Say

There are a great many beautiful and unusual towns and cities in the world, there are volcanoes, there are valleys and canyons, and islands and lakes. There are also of course rivers: loads of them ...

One of the big trends in sphere of health and fitness are fitness trackers such as smartbands. Tracking devices and their mobile applications from three leading vendors were inspected in this report t...

Android smartphones and tablets are very popular among students for several reasons. First, they are relatively affordable. Second, they are flexible, so users can choose the most suitable set-up for ...